The CreatorCon Call for Content is officially open! Get started here.

SecOps forum
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Forum Posts

Resolved! How can I track when data is exported from an instance?

Hi, Is there any way to track if a user is exporting data from an instance? The transaction logs give me lots of information but I'm struggling to pinpoint when the function of exporting to .csv, .xls or pdf is happening. Appreciate any help...

ners by Giga Contributor
  • 3102 Views
  • 2 replies
  • 2 helpfuls

Risk score configuration

Hi, I'm just getting started with Security incident response, and I'm lost on how the risk score gets calculated out of the box. I'm trying to go through the RiskScoreUtil script include, but just wondering if someone else has already done this, and ...

cbester by Tera Contributor
  • 2455 Views
  • 3 replies
  • 1 helpfuls

Where is the correlation_id value used?

Hello..   I have been trying to understand where is the correlation_id field is used in the security operations application when managing an incoming security event.OOB, I think the SIEM (Splunk) sends a snsecevent message to SN.   I get to see the c...